Please support "Linux Netfilter NFLOG"

[NeptuneNeptune]

I captured packets through following codes on Android devices ` iptables -A OUTPUT -p udp --dport 53 -j CONNMARK --set-mark ${userId}

iptables -A OUTPUT -m owner --uid-owner ${userId} -j CONNMARK --set-mark ${userId}

iptables -A INPUT -m connmark --mark ${userId} -j NFLOG --nflog-group ${userId}

iptables -A OUTPUT -m connmark --mark ${userId} -j NFLOG --nflog-group ${userId}

nohup tcpdump -i nflog:${userId} -w ${pcapPath} > /dev/null 2>&1 & ` but I cannot analyse this pcap, because the packet wrapped by "Linux Netfilter NFLOG".

[davidmcgrew]

I think you are suggesting that mercury support the PCAP LINKTYPE for Netfilter https://www.tcpdump.org/linktypes/LINKTYPE_NFLOG.html, and parse the packet payload from that LINKTYPE and apply normal packet processing to it. Is that right? Thanks!

[davidmcgrew]

Hi NeptuneNeptune, mercury recently added support for multiple linktypes (but not NFLOG yet). Are you still interested in this issue? Thanks!